Common use of Notice to DHCS Clause in Contracts

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery of unsecured PHI or PI in electronic media or in any other media if the PHI or PI was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business Associate. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administration, notice shall be provided by calling the DHCS EITS Service Desk. Notice shall be made using the “DHCS Privacy Incident Report” form, including all information known at the time. Business Associate shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “Privacy” in the left column and then “Business Use” near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI, Business Associate shall take:

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery of unsecured PHI or PI PSCI in electronic media or in any other media if the PHI or PI PSCI was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI PSCI in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate the contractor as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business Associate. the contractor.. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administration, notice shall be provided by calling the DHCS EITS Service Desk. Notice shall be made using the “DHCS Privacy Incident Report” form, including all information known at the time. Business Associate The contractor shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “Privacy” in the left column and then “Business Use” near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI, Business Associate shall take:xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly .aspx

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery of unsecured PHI or PI PSCI in electronic media or in any other media if the PHI or PI PSCI was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI PSCI in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate the contractor as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business Associate. the contractor.. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administration, notice shall be provided by calling the DHCS EITS Service Desk. Notice shall be made using the “DHCS Privacy Incident Report” form, including all information known at the time. Business Associate The contractor shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “Privacy” in the left column and then “Business Use” near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI, Business Associate shall take:xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery of unsecured PHI or PI in electronic media or in any other media if the PHI or PI was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business Associate. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administration, notice shall be provided by calling the DHCS EITS Service Desk. Notice shall be made using the “DHCS Privacy Incident Report” form, including all information known at the time. Business Associate shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “Privacy” in the left column and then “Business Use” near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAsso ciatesOnly.aspx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI, Business Associate shall take:

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery a breach of unsecured PHI or PI in electronic media or in any other media if the PHI or PI was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, or upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. (2) To notify DHCS within 24 hours by email or fax of the discovery of any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate User as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business AssociateUser. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administrationelectronic PHI, notice shall be provided by calling the DHCS EITS ITSD Service Desk. Notice shall be made using the “DHCS Privacy Incident Report” form, including all information known at the time. Business Associate User shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “Privacy” in the left column and then “Business Use” near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI, Business Associate User shall take:

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery of unsecured PHI or PI Pl in electronic media or in any other media if the PHI or PI Pl was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI Pl in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business Associate. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administration, notice shall be provided by calling the DHCS EITS Service Desk. Notice shall be made using the “"DHCS Privacy Incident Report” " form, including all information known at the time. Business Associate shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “"Privacy” " in the left column and then “"Business Use” " near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx http:l/xxx.xxxx.xx.xxx/xxxxxxxxxxxx/xxxx/xxxx/XxxxxxXXXXXxxxxxxxXxxxxxxxxxXxxx.xxxx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PIPl, Business Associate shall take:

Notice to DHCS. (1) To notify DHCS immediately upon the discovery of a suspected security incident that involves data provided to DHCS by the Social Security Administration. This notification will be by telephone call plus email or fax upon the discovery of the breach. (2) To notify DHCS within 24 hours by email or fax of the discovery of unsecured PHI or PI in electronic media or in any other media if the PHI or PI was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, any suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI in violation of this Agreement and this Addendum, or potential loss of confidential data affecting this Agreement. A breach shall be treated as discovered by Business Associate the contractor as of the first day on which the breach is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach) who is an employee, officer or other agent of Business Associate. the contractor.. Notice shall be provided to the DHCS Program Contract Manager, the DHCS Privacy Officer and the DHCS Information Security Officer. If the incident occurs after business hours or on a weekend or holiday and involves data provided to DHCS by the Social Security Administration, notice shall be provided by calling the DHCS EITS Service Desk. Notice shall be made using the “DHCS Privacy Incident Report” form, including all information known at the time. Business Associate The contractor shall use the most current version of this form, which is posted on the DHCS Privacy Office website (xxx.xxxx.xx.xxx, then select “Privacy” in the left column and then DHCS ICSR 2/15 “Business Use” near the middle of the page) or use this link: xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx Upon discovery of a breach or suspected security incident, intrusion or unauthorized access, use or disclosure of PHI or PI, Business Associate shall take:xxxx://xxx.xxxx.xx.xxx/formsandpubs/laws/priv/Pages/DHCSBusinessAssociatesOnly.aspx